Google needs to get rid of their “Don’t be evil” motto. Not because they are evil but because it’s a horrible motto. First, it provides fodder for everyone the moment they make a mistake. You can find plenty of posts saying they should change their motto to “Don’t be stupid” or “Don’t respect privacy” or plenty of other variations; it’s just too simple.

I don't want to do this to you. Seriously. It's my motto.

But second, and I think more compelling, it’s kinda creepy. If I told you my motto was “Don’t walk up to people and punch them in the face” then you’d probably keep your distance from me. It means that’s what I’m thinking about, so the notion that Google is thinking about or reminding themselves not to be evil is a bit concerning.

Google set the stage with their precedent setting 20-year FTC monitoring program. This led to Facebook’s similar program and the FTC essentially looking out at the Internet, thumping their chest, and saying “Who’s next? Who wants a piece of some 20-year monitoring action?” Based on that FTC settlement, one would think that Google would be overly cautious about any kind of program that has privacy implications, whether actual or apparent.

Guess not.

Earlier this week a Stanford researcher discovered code that Google was embedding in some of the ads it served to Safari users that bypassed the way Safari handled user tracking behavior. By default, Safari blocks attempts for ads to place cookies on users’ systems. But Safari does allow information to be placed on a system if the user affirmatively interacts with, say, a web form. So Google placed code that tricked Safari into thinking that the user had submitted some information via a hidden form. This made Safari think it was okay to now allow tracking information on the system so Google got their cookie placed.

From the Google perspective, they were just ensuring that Safari users were treated the same way as other browser users for various interactive elements (like showing what Google+ friends had +1’ed an article, etc.). From the perspective of a user concerned about privacy, this is shady at best.

Google has tried to make their position clear—that this was for good intentions. But they see the other side of the argument and have removed all instances of this code once the Wall Street Journal approached them. That’s a little late, I think.

Perhaps Google has not learned the essential lesson from their FTC settlement: that users do not know Google’s intentions and, worse, they assume their intentions are the opposite of Google’s motto. Google is one of the largest information gathering platforms on the Internet, possibly duking it out with Facebook (or they’ve dwarfed Facebook and we don’t realize it) so they must be extra cautious about any activity that can be viewed negatively. As a lawyer, I know almost any activity can be viewed as risky (“You saved that baby’s life…but what if that baby grows up into the next mass murderer?!”), but there are some activities that are easier to see the downside on than others. This should have been an easy one to identify—any activity that uses a trick to make a browser think the user is doing something they aren’t should have raised a few flags.

Having effective privacy controls and policies is no longer cutting edge, it’s a ticket to entry. Google understands this and that’s one of many reasons they’ve consolidated their plethora of privacy policies (say that ten times quickly) into one document. But they need to go one step further—they need to evaluate every action they take and if it isn’t something they would be proud to put on the front page of Google then they just shouldn’t do it. This isn’t just for Google; many platforms would benefit from this kind of standard. Otherwise small incidents like this one, taking as a whole, will make users and possibly the FTC question if Google is living up to its obligations.

IMPORTANT DISCLAIMER

SoMeLaw Thoughts are entirely my own opinion about social media legal issues and not the statement, opinion, or in any other way affiliated with Dell.

This means I could be completely wrong about everything I post here. Sure, I’ve practiced for over ten years in technology law and have supported Dell’s social media team for a fair amount of time, but if you get five lawyers in a room and ask a question you’re likely to get seven different opinions. Oh, and it’s a really boring room. And someone will probably start quoting Latin. So I could be totally wrong here.

This is also not specific legal advice for you. I don't know you. Even if I know you I didn't write this for you, I wrote it for the blog and you're reading it. You want legal advice? Hire an attorney! A good one.